Solved: Re: Searching a port range

EricPartington · ‎03-01-2011

How can i search for matches using a port range on an extracted field?

for example:

if i want all events in port range 512-514 and i have a field extracted as dest_ip

or a larger extension, how to search using ranges of values?

ziegfried · ‎03-01-2011

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

View solution in original post

ziegfried · ‎03-01-2011

You can search for ranges like this:

sourcetype=mysourcetype myfield>=512 myfield<=514

Which will give you results for events with myfield values from 512 to 514.

merrymana · ‎03-02-2019

Could you provide an example?

merrymana · ‎03-02-2019

I discovered another method to search for a range:
src_ip IN (10.10., 10.20., 10.30.)
or
dest_port IN (110, 111, 112, 113)
instead of
src_ip=10.10. OR src_ip=10.20.* OR src_ip=10.30.*
or
dest_port=110 OR dest_port=111 OR dest_port=112

Searching a port range

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

Searching a port range

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem